Lightweight Authentication Scheme for Healthcare With Robustness to Desynchronization Attacks

Remote healthcare monitoring systems are gaining a lot of interest as they enable doctors to use public channels to get real-time data from the sensors placed in/on the patient’s body. This necessitates the implementation of a robust authentication scheme to ensure secure communication between trusted healthcare providers and sensors which are usually low in resources. To address these issues, in 2021, Masud et al. presented a lightweight anonymous user authentication scheme for securely obtaining patient’s real-time data. Their protocol is considered practical for deployment on sensor nodes as it only utilizes hash functions and does not require any public-key cryptography. In this work, we demonstrate how their protocol loses synchronization when a message is blocked/jammed and how in some scenarios, the protocol is exposed to the risk of session key disclosure and cannot ensure forward secrecy. To overcome these threats, we propose LAPRD , a lightweight mutual authentication protocol that provides robustness to desynchronization attacks. The proposed scheme uses a one-way hash chain technique to ensure forward secrecy and enable resynchronization between the protocol entities in the event of a desynchronization attack. LAPRD also achieves user and sensor node anonymity, thus ensuring privacy of the communicating entities. With the demonstration of both formal and informal analyses, the proposed protocol is ensured to withstand the identified attacks in Masud et al.’s scheme. The comparative analysis in terms of security and performance with relevant protocols indicates that the proposed protocol ensures higher security with considerably low computation and communication overheads, making it suitable for practical implementation in a lightweight healthcare environment.